• GFI Mail Archiver 15.1 – Telerik UI Component Arbitrary File Upload (Unauthenticated) Exploit

    GFI Mail Archiver is a product from GFI Software which is used for archiving emails. It is a product that is used by many organizations to protect and keep their emails backed up and secure. This vulnerability affects GFI Mail Archiver <= 15.1, which is the latest version available right now. The exploit requires no authentication, and any type of file can be uploaded to the web server running this application. I decided to release this exploit to the public because GFI refused to fix this vulnerability even after giving them over 4 months of time. https://www.exploit-db.com/exploits/50181

  • Acknowledged by Nokia

    Since I changed my LinkedIn status from “Not looking” to “Actively looking”, I have been getting interview calls from various places. One thing that I have been asked in almost every interview was if I participate in any bug bounty programs, and my answer was always ‘no’, and I was told to participate to show off my skills. It is not that I do not like bug bounty hunting; it’s just that I never participated in them and never had the time to do so, but I decided to give it a try just to build up my profile. So, I sat down one day and decided to go with…